Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-On RESTful Web Services with Go

You're reading from   Hands-On RESTful Web Services with Go Develop elegant RESTful APIs with Golang for microservices and the cloud

Arrow left icon
Product type Paperback
Published in Feb 2020
Publisher Packt
ISBN-13 9781838643577
Length 404 pages
Edition 2nd Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Naren Yellavula Naren Yellavula
Author Profile Icon Naren Yellavula
Naren Yellavula
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Getting Started with REST API Development 2. Handling Routing for our REST Services FREE CHAPTER 3. Working with Middleware and RPC 4. Simplifying RESTful Services with Popular Go Frameworks 5. Working with MongoDB and Go to Create a REST API 6. Working with Protocol Buffers and gRPC 7. Working with PostgreSQL, JSON, and Go 8. Building a REST API Client in Go 9. Asynchronous API Design 10. GraphQL and Go 11. Scaling our REST API Using Microservices 12. Containerizing REST Services for Deployment 13. Deploying REST Services on Amazon Web Services 14. Handling Authentication for our REST Services 15. Other Books You May Enjoy

Security aspects of an API

Every REST API that is developed can be either open or protected. An open API has no limit regarding the number of clients requesting the resources. But most business APIs are protected. So, what are the important things to keep in mind about security? In the following list, we'll point out all the factors that should be taken care of to secure a REST API:

  • Always use HTTPS to deliver the API Transport Layer Security (TLS).
  • Rate limit the API by using user access tokens.
  • Design various authentication and authorization roles on the API.
  • Use public key/private key encryption to sign a JWT when the client and server are internal.
  • Never store user credentials in plain files.
  • Sanitize the URL query parameters; use a POST body for incoming requests.
  • As we mentioned in the previous chapter, use an API Gateway for better performance and protection.
  • Use...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image